<?php
2
/*
3 ce77a9c4 Phil Davis
	system_authservers.php
4 fbf672cb Matthew Grooms
*/
5 ac9d8bed Stephen Beaver
/* ====================================================================
6
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
7
 *	Copyright (c)  2004, 2005 Scott Ullrich
8 df8fca9d Stephen Beaver
 *	Copyright (c)  2008 Shrew Soft Inc.
9
 *	Copyright (c)  2010 Ermal Luçi
10 ac9d8bed Stephen Beaver
 *
11
 *	Redistribution and use in source and binary forms, with or without modification,
12
 *	are permitted provided that the following conditions are met:
13
 *
14
 *	1. Redistributions of source code must retain the above copyright notice,
15
 *		this list of conditions and the following disclaimer.
16
 *
17
 *	2. Redistributions in binary form must reproduce the above copyright
18
 *		notice, this list of conditions and the following disclaimer in
19
 *		the documentation and/or other materials provided with the
20
 *		distribution.
21
 *
22
 *	3. All advertising materials mentioning features or use of this software
23
 *		must display the following acknowledgment:
24
 *		"This product includes software developed by the pfSense Project
25
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
26
 *
27
 *	4. The names "pfSense" and "pfSense Project" must not be used to
28
 *		 endorse or promote products derived from this software without
29
 *		 prior written permission. For written permission, please contact
30
 *		 coreteam@pfsense.org.
31
 *
32
 *	5. Products derived from this software may not be called "pfSense"
33
 *		nor may "pfSense" appear in their names without prior written
34
 *		permission of the Electric Sheep Fencing, LLC.
35
 *
36
 *	6. Redistributions of any form whatsoever must retain the following
37
 *		acknowledgment:
38
 *
39
 *	"This product includes software developed by the pfSense Project
40
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
41
 *
42
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
43
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
44
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
45
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
46
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
47
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
48
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
49
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
51
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
52
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
53
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
54
 *
55
 *	====================================================================
56
 *
57
 */
58 1d333258 Scott Ullrich
/*
59 ac9d8bed Stephen Beaver
	pfSense_MODULE: auth
60 1d333258 Scott Ullrich
*/
61 fbf672cb Matthew Grooms
62
##|+PRIV
63
##|*IDENT=page-system-authservers
64
##|*NAME=System: Authentication Servers
65
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
66
##|*MATCH=system_authservers.php*
67
##|-PRIV
68
69
require("guiconfig.inc");
70 acee624f Ermal Lu?i
require_once("auth.inc");
71 fbf672cb Matthew Grooms
72 257705ca Renato Botelho
/* Page title breadcrumb and the shortcut-bar section this page belongs to. */
$pgtitle = array(gettext("System"), gettext("Authentication Servers"));
$shortcut_section = "authentication";
74 fbf672cb Matthew Grooms
75 2ee8dea1 Phil Davis
/* Entry index for edit/delete. GET supplies it for the list links, POST for the
 * submitted form; a posted value wins when both are valid. Only a non-negative
 * integer string is accepted — anything else leaves $id unset, and every later
 * isset($id) check then treats the request as "new". */
foreach (array($_GET, $_POST) as $request_vars) {
	if (isset($request_vars['id']) && is_numericint($request_vars['id'])) {
		$id = $request_vars['id'];
	}
}
81 fbf672cb Matthew Grooms
82 2ee8dea1 Phil Davis
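/* Make sure the config tree has an auth-server list before anything touches it. */
if (!is_array($config['system']['authserver'])) {
	$config['system']['authserver'] = array();
}

/* Working copy of the server list, re-indexed 0..n-1 (the list links and the
 * edit/delete handlers index it by position). It is initialised explicitly so
 * the foreach in the list view and the $a_server[$id] lookups never hit an
 * undefined variable should the helper return nothing. */
$a_server = array();
$a_servers = auth_get_authserver_list();
if (is_array($a_servers)) {
	$a_server = array_values($a_servers);
}

/* Certificate authorities offered in the LDAP "Peer Certificate Authority" selector. */
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
$a_ca =& $config['ca'];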
95
96 fbf672cb Matthew Grooms
/* Requested action ("new", "edit", "del"). The query string supplies it for the
 * list links; a posted value, when present, takes precedence. */
$act = $_GET['act'];
if (!empty($_POST['act'])) {
	$act = $_POST['act'];
}
100 fbf672cb Matthew Grooms
101
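if ($act == "del") {

	/* Use the validated $id (numeric-int, parsed above) instead of the raw
	 * $_GET['id'] the original read here, so a non-numeric index never reaches
	 * the array lookup. Unknown index: just bounce back to the list. */
	if (!isset($id) || !$a_server[$id]) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	/* NOTE(review): this delete is triggered by a plain GET link from the list
	 * view (act=del&id=N), so whatever CSRF protection applies to POSTed forms
	 * (not visible here) does not cover it — a hostile page can remove an auth
	 * server with a single <img src=...> request. A POST with a confirmation
	 * step is the proper fix; it also needs the list markup changed. */

	/* Remove server from main list. Matching is by name — presumably because
	 * $a_server is a re-indexed copy and its positions need not line up with
	 * the keys of $config['system']['authserver']. */
	$serverdeleted = $a_server[$id]['name'];
	foreach ($config['system']['authserver'] as $k => $as) {
		if ($as['name'] == $serverdeleted) {
			unset($config['system']['authserver'][$k]);
		}
	}

	/* Remove server from temp list used later on this page. */
	unset($a_server[$id]);

	$savemsg = gettext("Authentication Server") . " " . htmlspecialchars($serverdeleted) . " " . gettext("deleted") . "<br />";
	write_config($savemsg);
}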
122
123
if ($act == "edit") {
	/* Pre-fill the form from the stored entry. Config keys and form field names
	 * differ only for the host ("host" vs ldap_host/radius_host) and the three
	 * LDAP boolean flags, which are stored by presence rather than value. */
	if (isset($id) && $a_server[$id]) {
		$cur = $a_server[$id];

		$pconfig['type'] = $cur['type'];
		$pconfig['name'] = $cur['name'];

		if ($pconfig['type'] == "ldap") {
			$pconfig['ldap_host'] = $cur['host'];
			foreach (array('ldap_caref', 'ldap_port', 'ldap_timeout', 'ldap_urltype',
				'ldap_protver', 'ldap_scope', 'ldap_basedn', 'ldap_authcn',
				'ldap_extended_enabled', 'ldap_extended_query', 'ldap_binddn',
				'ldap_bindpw', 'ldap_attr_user', 'ldap_attr_group',
				'ldap_attr_member', 'ldap_attr_groupobj') as $field) {
				$pconfig[$field] = $cur[$field];
			}
			foreach (array('ldap_utf8', 'ldap_nostrip_at', 'ldap_rfc2307') as $flag) {
				$pconfig[$flag] = isset($cur[$flag]);
			}

			/* No stored bind credentials means the entry uses anonymous binds.
			 * Note the bind password itself is loaded into $pconfig here and is
			 * rendered back into the edit form below. */
			if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) {
				$pconfig['ldap_anon'] = true;
			}
		}

		if ($pconfig['type'] == "radius") {
			$pconfig['radius_host'] = $cur['host'];
			foreach (array('radius_auth_port', 'radius_acct_port',
				'radius_secret', 'radius_timeout') as $field) {
				$pconfig[$field] = $cur[$field];
			}

			/* Derive the "services offered" selector from which ports are stored,
			 * and back-fill the missing port with its standard default so the
			 * form shows a usable value if the user re-enables that service. */
			$have_auth = (bool)$pconfig['radius_auth_port'];
			$have_acct = (bool)$pconfig['radius_acct_port'];
			if ($have_auth && $have_acct) {
				$pconfig['radius_srvcs'] = "both";
			} elseif ($have_auth) {
				$pconfig['radius_srvcs'] = "auth";
				$pconfig['radius_acct_port'] = 1813;
			} elseif ($have_acct) {
				$pconfig['radius_srvcs'] = "acct";
				$pconfig['radius_auth_port'] = 1812;
			}
		}
	}
}
183
184
if ($act == "new") {
	/* Defaults for a fresh entry: LDAPv3 with anonymous bind; RADIUS offering
	 * both services on the standard ports. */
	$new_defaults = array(
		'ldap_protver' => 3,
		'ldap_anon' => true,
		'radius_srvcs' => "both",
		'radius_auth_port' => "1812",
		'radius_acct_port' => "1813",
	);
	foreach ($new_defaults as $field => $value) {
		$pconfig[$field] = $value;
	}
}
191
192
if ($_POST) {
193
	unset($input_errors);
	/* The raw POST becomes the working copy; the validation below reads it by
	 * field name, and on error it is echoed straight back into the form. */
	$pconfig = $_POST;
195
196
	/* input validation */
197
198
	if ($pconfig['type'] == "ldap") {
		/* Required LDAP fields, as field name => label shown in the error message.
		 * do_input_validation() wants two parallel lists, produced at the end. */
		$required = array(
			'name' => gettext("Descriptive name"),
			'type' => gettext("Type"),
			'ldap_host' => gettext("Hostname or IP"),
			'ldap_port' => gettext("Port value"),
			'ldap_urltype' => gettext("Transport"),
			'ldap_protver' => gettext("Protocol version"),
			'ldap_scope' => gettext("Search level"),
			'ldap_attr_user' => gettext("User naming Attribute"),
			'ldap_attr_group' => gettext("Group naming Attribute"),
			'ldap_attr_member' => gettext("Group member attribute"),
			'ldapauthcontainers' => gettext("Authentication container"),
		);

		/* Bind credentials are mandatory unless anonymous bind was ticked. */
		if (!$pconfig['ldap_anon']) {
			$required['ldap_binddn'] = gettext("Bind user DN");
			$required['ldap_bindpw'] = gettext("Bind Password");
		}

		$reqdfields = array_keys($required);
		$reqdfieldsn = array_values($required);
	}
224
225
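	if ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Services"));

		/* The original compared $pconfig['radisu_srvcs'] (typo), which is never
		 * set, so neither port was ever marked required. Read the field the
		 * form actually posts. */
		$srvcs = $pconfig['radius_srvcs'];
		if ($srvcs == "both" || $srvcs == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port");
		}

		if ($srvcs == "both" || $srvcs == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port");
		}

		/* A new server needs a shared secret. On edit an empty secret is allowed:
		 * the save path below keeps the stored one in that case. */
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}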
250
251 1e9b4611 Renato Botelho
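	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* The host field is type-prefixed (ldap_host / radius_host). The original
	 * checked $_POST['host'], which no form on this page posts, so the
	 * character filter could never fire. Note the pattern also rejects IPv6
	 * literals (colons); widen it if those are needed. */
	$host_field = "{$pconfig['type']}_host";
	if (isset($_POST[$host_field]) && preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST[$host_field])) {
		$input_errors[] = gettext("The host name contains invalid characters.");
	}

	/* Ports: the inputs are type=number client-side only; enforce 1-65535 here. */
	$port_fields = array();
	if ($pconfig['type'] == "ldap") {
		$port_fields[] = "ldap_port";
	} elseif ($pconfig['type'] == "radius") {
		$port_fields[] = "radius_auth_port";
		$port_fields[] = "radius_acct_port";
	}
	foreach ($port_fields as $pf) {
		if (!empty($_POST[$pf]) &&
		    (!is_numericint($_POST[$pf]) || $_POST[$pf] < 1 || $_POST[$pf] > 65535)) {
			$input_errors[] = sprintf(gettext("%s port value must be a number between 1 and 65535."), strtoupper($pconfig['type']));
		}
	}

	/* Duplicate names. The original only checked new entries; the name field is
	 * made read-only on edit by client-side JS alone, so a crafted POST could
	 * rename an entry onto an existing name. Reject that unless the match is
	 * the entry being edited. */
	$existing = auth_get_authserver($pconfig['name']);
	if ($existing && (!isset($id) || !$a_server[$id] || $a_server[$id]['name'] != $pconfig['name'])) {
		$input_errors[] = gettext("An authentication server with the same name already exists.");
	}

	/* Optional timeout: when given it must be a positive number. */
	if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
		$to_field = "{$pconfig['type']}_timeout";
		if (!empty($_POST[$to_field]) && (!is_numeric($_POST[$to_field]) || $_POST[$to_field] <= 0)) {
			$input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
		}
	}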
267 bddd2be8 jim-p
268 fbf672cb Matthew Grooms
	/* if this is an AJAX caller then handle via JSON */
	/* Only the error path is answered as JSON; a successful AJAX save falls
	 * through to the normal write + redirect below. */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}
273
274
	if (!$input_errors) {
		/* Start from a fresh entry with a new refid; when editing, replace it
		 * wholesale with the stored entry so untouched keys survive. */
		$server = array();
		$server['refid'] = uniqid();
		if (isset($id) && $a_server[$id]) {
			$server = $a_server[$id];
		}

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			/* Only a non-empty selection is stored, so on edit an emptied CA
			 * selection leaves the previously stored ldap_caref in place. */
			if (!empty($pconfig['ldap_caref'])) {
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			}
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			/* Form field is "ldapauthcontainers"; config key is ldap_authcn. */
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			/* Stored verbatim; it is interpreted elsewhere (auth.inc) as an LDAP filter fragment. */
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			$server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];

			/* Boolean options are stored by presence: set to true or unset. */
			if ($pconfig['ldap_utf8'] == "yes") {
				$server['ldap_utf8'] = true;
			} else {
				unset($server['ldap_utf8']);
			}
			if ($pconfig['ldap_nostrip_at'] == "yes") {
				$server['ldap_nostrip_at'] = true;
			} else {
				unset($server['ldap_nostrip_at']);
			}
			if ($pconfig['ldap_rfc2307'] == "yes") {
				$server['ldap_rfc2307'] = true;
			} else {
				unset($server['ldap_rfc2307']);
			}


			/* Bind credentials are written to the config in clear (the bind needs
			 * the password verbatim); anonymous bind clears any stored pair. */
			if (!$pconfig['ldap_anon']) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}

			/* Default 25 s when left blank (matches the form placeholder). */
			if ($pconfig['ldap_timeout']) {
				$server['ldap_timeout'] = $pconfig['ldap_timeout'];
			} else {
				$server['ldap_timeout'] = 25;
			}
		}

		if ($server['type'] == "radius") {

			$server['host'] = $pconfig['radius_host'];

			/* An empty secret on edit keeps the stored one (it is only required for new entries). */
			if ($pconfig['radius_secret']) {
				$server['radius_secret'] = $pconfig['radius_secret'];
			}

			/* Default 5 s when left blank (matches the help text). */
			if ($pconfig['radius_timeout']) {
				$server['radius_timeout'] = $pconfig['radius_timeout'];
			} else {
				$server['radius_timeout'] = 5;
			}

			/* Store only the ports for the services selected; the edit path
			 * reconstructs radius_srvcs from which ports are present. */
			if ($pconfig['radius_srvcs'] == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			}

			if ($pconfig['radius_srvcs'] == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			}

			if ($pconfig['radius_srvcs'] == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		/* $id indexes the re-indexed $a_server copy but is used here as a key
		 * into the config list; if the two ever drift (e.g. after deletions)
		 * the edited entry is appended as a new one — TODO confirm keys align. */
		if (isset($id) && $config['system']['authserver'][$id]) {
			$config['system']['authserver'][$id] = $server;
		} else {
			$config['system']['authserver'][] = $server;
		}

		write_config();

		pfSenseHeader("system_authservers.php");
	}
376
}
377
378 1d3259b5 Stephen Beaver
// On error, restore the form contents so the user doesn't have to re-enter too much.
// Two fields are posted under names that differ from the keys the inputs read back.
if ($_POST && $input_errors) {
	$pconfig = array_merge($_POST, array(
		'ldap_authcn' => $_POST['ldapauthcontainers'],
		'ldap_template' => $_POST['ldap_tmpltype'],
	));
}
384
385 fbf672cb Matthew Grooms
include("head.inc");

/* Validation errors first, then the post-delete status message (already HTML-escaped where built). */
if ($input_errors) {
	print_input_errors($input_errors);
}

if ($savemsg) {
	print_info_box($savemsg, 'success');
}

/* User-manager tab strip; this page is the active "Servers" tab. */
$tab_array = array(
	array(gettext("Users"), false, "system_usermanager.php"),
	array(gettext("Groups"), false, "system_groupmanager.php"),
	array(gettext("Settings"), false, "system_usermanager_settings.php"),
	array(gettext("Servers"), true, "system_authservers.php"),
);
display_top_tabs($tab_array);
399
400
/* List view: rendered unless an add/edit form is requested or a save just
 * failed validation (then the form is re-rendered below with the errors).
 * All server-supplied cells are HTML-escaped; $i is the integer position in $a_server. */
if (!($act == "new" || $act == "edit" || $input_errors))
{
	?>
	<div class="table-responsive">
		<table class="table table-striped table-hover">
			<thead>
				<tr>
					<th><?=gettext("Server Name")?></th>
					<th><?=gettext("Type")?></th>
					<th><?=gettext("Host Name")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>
			<tbody>
		<?php foreach($a_server as $i => $server): ?>
				<tr>
					<td><?=htmlspecialchars($server['name'])?></td>
					<td><?=htmlspecialchars($auth_server_types[$server['type']])?></td>
					<td><?=htmlspecialchars($server['host'])?></td>
					<td>
					<?php if ($i < (count($a_server) - 1)): ?>
						<a class="fa fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&amp;id=<?=$i?>"></a>
						<a class="fa fa-trash"  title="<?=gettext("Delete server")?>" href="system_authservers.php?act=del&amp;id=<?=$i?>"></a>
					<?php endif?>
					</td>
				</tr>
		<?php endforeach; ?>
			</tbody>
		</table>
	</div>

	<nav class="action-buttons">
		<a href="?act=new" class="btn btn-success btn-sm">
			<i class="fa fa-plus icon-embed-btn"></i>
			<?=gettext("Add")?>
		</a>
	</nav>
<?php
	/* NOTE(review): the delete icon above is a plain GET link (act=del&id=N)
	 * and the handler at the top of this file acts on it directly, so removing
	 * an auth server is not covered by any CSRF protection applied to POSTed
	 * forms (not visible here); a POST with a confirmation step would be safer.
	 * The last $a_server entry gets no action links — presumably the built-in
	 * local database appended by auth_get_authserver_list(); confirm. */
	include("foot.inc");
	exit;
}
441
442 ad2879b8 PiBa-NL
require_once('classes/Form.class.php');
$form = new Form;
/* The form always posts back with act=edit in the query string; $_POST['act']
 * is never sent, so $act is "edit" on submit for new and existing entries alike. */
$form->setAction('system_authservers.php?act=edit');

/* Hidden copy of the entry index. NOTE(review): the POST handler reads
 * $_POST['id'], and a separate hidden 'id' is added further down for edits;
 * nothing on this page reads 'userid' — looks like a leftover. */
$form->addGlobal(new Form_Input(
	'userid',
	null,
	'hidden',
	$id
));

$section = new Form_Section('Server settings');

/* Descriptive name; the duplicate-name check in the POST path only runs for new entries. */
$section->addInput($input = new Form_Input(
	'name',
	'Descriptive name',
	'text',
	$pconfig['name']
));

/* Server type; toggles() presumably drives the client-side show/hide of the
 * "toggle-ldap" / "toggle-radius" sections declared below. */
$section->addInput($input = new Form_Select(
	'type',
	'Type',
	$pconfig['type'],
	$auth_server_types
))->toggles();

$form->add($section);
470 6157f724 Stephen Beaver
471
// ==== LDAP settings =========================================================
472 a0165602 Sjon Hortensius
$section = new Form_Section('LDAP Server Settings');
473 44d906ca Sjon Hortensius
$section->addClass('toggle-ldap collapse');
474 a0165602 Sjon Hortensius
475
if (!isset($pconfig['type']) || $pconfig['type'] == 'ldap')
476
	$section->addClass('in');
477
478
$section->addInput(new Form_Input(
479
	'ldap_host',
480
	'Hostname or IP address',
481
	'text',
482
	$pconfig['ldap_host']
483
))->setHelp('NOTE: When using SSL, this hostname MUST match the Common Name '.
484 5585e65d Chris Buechler
	'(CN) of the LDAP server\'s SSL Certificate.');
485 a0165602 Sjon Hortensius
486
$section->addInput(new Form_Input(
487
	'ldap_port',
488
	'Port value',
489
	'number',
490
	$pconfig['ldap_port']
491
));
492
493
$section->addInput(new Form_Select(
494
	'ldap_urltype',
495
	'Transport',
496
	$pconfig['ldap_urltype'],
497
	array_combine(array_keys($ldap_urltypes), array_keys($ldap_urltypes))
498
));
499
500
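/* Peer CA selector for SSL-wrapped LDAP. NOTE(review): nothing server-side
 * requires a CA when the SSL transport is chosen — the POST path stores
 * ldap_caref only when non-empty — so an SSL server can be saved without a
 * trust anchor; how auth.inc behaves in that case is not visible here. */
if (empty($a_ca))
{
	$section->addInput(new Form_StaticText(
		'Peer Certificate Authority',
		'No Certificate Authorities defined.<br/>Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.'
	));
}
else
{
	/* refid => description, keyed the way the config stores ldap_caref. */
	$ldapCaRef = [];
	foreach ($a_ca as $ca) {
		$ldapCaRef[$ca['refid']] = $ca['descr'];
	}

	/* Help text: "choosen" -> "chosen". */
	$section->addInput(new Form_Select(
		'ldap_caref',
		'Peer Certificate Authority',
		$pconfig['ldap_caref'],
		$ldapCaRef
	))->setHelp('This option is used if \'SSL Encrypted\' option is chosen. '.
		'It must match with the CA in the AD otherwise problems will arise.');
}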
521
522 a0165602 Sjon Hortensius
$section->addInput(new Form_Select(
523
	'ldap_protver',
524
	'Protocol version',
525
	$pconfig['ldap_protver'],
526
	array_combine($ldap_protvers, $ldap_protvers)
527
));
528
529 d6b4dfe3 jim-p
$section->addInput(new Form_Input(
530
	'ldap_timeout',
531
	'Server Timeout',
532
	'number',
533
	$pconfig['ldap_timeout'],
534
	['placeholder' => 25]
535
))->setHelp('Timeout for LDAP operations (seconds)');
536
537 905f6119 Stephen Beaver
$group = new Form_Group('Search scope');
538
539 c84db5bb Stephen Beaver
$SSF = new Form_Select(
540 a0165602 Sjon Hortensius
	'ldap_scope',
541 c84db5bb Stephen Beaver
	'Level',
542 a0165602 Sjon Hortensius
	$pconfig['ldap_scope'],
543
	$ldap_scopes
544 c84db5bb Stephen Beaver
);
545 df8fca9d Stephen Beaver
546 c84db5bb Stephen Beaver
$SSB = new Form_Input(
547 a0165602 Sjon Hortensius
	'ldap_basedn',
548
	'Base DN',
549
	'text',
550
	$pconfig['ldap_basedn']
551 c84db5bb Stephen Beaver
);
552 905f6119 Stephen Beaver
553 c84db5bb Stephen Beaver
554
$section->addInput(new Form_StaticText(
555
	'Search scope',
556
	'Level ' . $SSF . '<br />' . 'Base DN' . $SSB
557
));
558 a0165602 Sjon Hortensius
559
$group = new Form_Group('Authentication containers');
560
$group->add(new Form_Input(
561
	'ldapauthcontainers',
562
	'Containers',
563
	'text',
564
	$pconfig['ldap_authcn']
565
))->setHelp('Note: Semi-Colon separated. This will be prepended to the search '.
566
	'base dn above or you can specify full container path containing a dc= '.
567
	'component.<br/>Example: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers');
568 504bd882 Stephen Beaver
569 a0165602 Sjon Hortensius
$group->add(new Form_Button(
570
	'Select',
571 501efbd2 Stephen Beaver
	'Select a container'
572
))->removeClass('btn-primary')->addClass('btn-default');
573
574 a0165602 Sjon Hortensius
$section->add($group);
575
576 2e101d89 Sander van Leeuwen
$section->addInput(new Form_Checkbox(
577 a0165602 Sjon Hortensius
	'ldap_extended_enabled',
578 2e101d89 Sander van Leeuwen
	'Extended query',
579
	'Enable extended query',
580 a0165602 Sjon Hortensius
	$pconfig['ldap_extended_enabled']
581 e39a41e9 Stephen Beaver
));
582 a0165602 Sjon Hortensius
583 2e101d89 Sander van Leeuwen
$group = new Form_Group('Query');
584 e39a41e9 Stephen Beaver
$group->addClass('extended');
585
586 a0165602 Sjon Hortensius
$group->add(new Form_Input(
587
	'ldap_extended_query',
588 2e101d89 Sander van Leeuwen
	'Query',
589 a0165602 Sjon Hortensius
	'text',
590
	$pconfig['ldap_extended_query']
591 2e101d89 Sander van Leeuwen
))->setHelp('Example: &amp;(objectClass=inetOrgPerson)(mail=*@example.com)');
592
593 a0165602 Sjon Hortensius
$section->add($group);
594
595
$section->addInput(new Form_Checkbox(
596
	'ldap_anon',
597
	'Bind anonymous',
598
	'Use anonymous binds to resolve distinguished names',
599
	$pconfig['ldap_anon']
600 b0909f2e Stephen Beaver
));
601 a0165602 Sjon Hortensius
602
$group = new Form_Group('Bind credentials');
603 b0909f2e Stephen Beaver
$group->addClass('ldapanon');
604
605 a0165602 Sjon Hortensius
$group->add(new Form_Input(
606
	'ldap_binddn',
607
	'User DN:',
608
	'text',
609
	$pconfig['ldap_binddn']
610
));
611 b0909f2e Stephen Beaver
612 a0165602 Sjon Hortensius
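/* Bind password. Rendered as a password input rather than 'text' so the stored
 * credential is masked on screen; the POST semantics are unchanged. NOTE(review):
 * the value is still handed to the widget for the edit form — if Form_Input
 * omits the value attribute for password types, the required-field check in
 * the POST path will simply force re-entry on every edit; verify against the class. */
$group->add(new Form_Input(
	'ldap_bindpw',
	'Password',
	'password',
	$pconfig['ldap_bindpw']
));
$section->add($group);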
619
620 ac9d8bed Stephen Beaver
if (!isset($id)) {
621
	$template_list = array();
622
623
	foreach($ldap_templates as $option => $template) {
624
		$template_list[$option] = $template['desc'];
625
	}
626 a0165602 Sjon Hortensius
627
	$section->addInput(new Form_Select(
628
		'ldap_tmpltype',
629
		'Initial Template',
630
		$pconfig['ldap_template'],
631 ac9d8bed Stephen Beaver
		$template_list
632 a0165602 Sjon Hortensius
	));
633 fbf672cb Matthew Grooms
}
634
635 a0165602 Sjon Hortensius
$section->addInput(new Form_Input(
636
	'ldap_attr_user',
637
	'User naming attribute',
638
	'text',
639
	$pconfig['ldap_attr_user']
640
));
641
642
$section->addInput(new Form_Input(
643
	'ldap_attr_group',
644
	'Group naming attribute',
645
	'text',
646
	$pconfig['ldap_attr_group']
647
));
648
649
$section->addInput(new Form_Input(
650
	'ldap_attr_member',
651
	'Group member attribute',
652
	'text',
653
	$pconfig['ldap_attr_member']
654
));
655
656 149efbea jim-p
$section->addInput(new Form_Checkbox(
657
	'ldap_rfc2307',
658
	'RFC 2307 Groups',
659
	'LDAP Server uses RFC 2307 style group membership',
660
	$pconfig['ldap_rfc2307']
661
))->setHelp('RFC 2307 style group membership has members listed on the group '.
662
	'object rather than using groups listed on user object. Leave unchecked '.
663
	'for Active Directory style group membership (RFC 2307bis).');
664
665
$section->addInput(new Form_Input(
666
	'ldap_attr_groupobj',
667
	'Group Object Class',
668
	'text',
669
	$pconfig['ldap_attr_groupobj'],
670
	['placeholder' => 'posixGroup']
671
))->setHelp('Object class used for groups in RFC2307 mode. '.
672
	'Typically "posixGroup" or "group".');
673
674 a0165602 Sjon Hortensius
$section->addInput(new Form_Checkbox(
675
	'ldap_utf8',
676
	'UTF8 Encode',
677
	'UTF8 encode LDAP parameters before sending them to the server.',
678
	$pconfig['ldap_utf8']
679
))->setHelp('Required to support international characters, but may not be '.
680
	'supported by every LDAP server.');
681
682
$section->addInput(new Form_Checkbox(
683
	'ldap_nostrip_at',
684
	'Username Alterations',
685
	'Do not strip away parts of the username after the @ symbol',
686
	$pconfig['ldap_nostrip_at']
687
))->setHelp('e.g. user@host becomes user when unchecked.');
688
689
$form->add($section);
690 6157f724 Stephen Beaver
691
// ==== RADIUS section ========================================================
692 a0165602 Sjon Hortensius
$section = new Form_Section('Radius Server Settings');
693 44d906ca Sjon Hortensius
$section->addClass('toggle-radius collapse');
694 a0165602 Sjon Hortensius
695
$section->addInput(new Form_Input(
696
	'radius_host',
697
	'Hostname or IP address',
698
	'text',
699
	$pconfig['radius_host']
700
));
701
702
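/* Shared secret. Rendered as a password input rather than 'text' so the stored
 * secret is masked on screen. Leaving it blank on edit is safe: the save path
 * only overwrites radius_secret when a value is posted, and it is only a
 * required field for new entries. */
$section->addInput(new Form_Input(
	'radius_secret',
	'Shared Secret',
	'password',
	$pconfig['radius_secret']
));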
708
709
$section->addInput(new Form_Select(
710
	'radius_srvcs',
711
	'Services offered',
712
	$pconfig['radius_srvcs'],
713
	$radius_srvcs
714
));
715
716
$section->addInput(new Form_Input(
717
	'radius_auth_port',
718 81ec3187 Chris Buechler
	'Authentication port',
719 a0165602 Sjon Hortensius
	'number',
720 df5d8616 Stephen Beaver
	$pconfig['radius_auth_port']
721 a0165602 Sjon Hortensius
));
722
723
$section->addInput(new Form_Input(
724
	'radius_acct_port',
725 df5d8616 Stephen Beaver
	'Accounting port',
726 a0165602 Sjon Hortensius
	'number',
727
	$pconfig['radius_acct_port']
728
));
729
730
$section->addInput(new Form_Input(
731
	'radius_timeout',
732
	'Authentication Timeout',
733
	'number',
734
	$pconfig['radius_timeout']
735
))->setHelp('This value controls how long, in seconds, that the RADIUS '.
736
	'server may take to respond to an authentication request. If left blank, the '.
737
	'default value is 5 seconds. NOTE: If you are using an interactive two-factor '.
738
	'authentication system, increase this timeout to account for how long it will '.
739
	'take the user to receive and enter a token.');
740
741
/* When editing, carry the entry index in the hidden 'id' field — this is the
 * value the POST handler reads via $_POST['id']. Its placement inside the
 * RADIUS section is immaterial; hidden inputs are not shown. */
if (isset($id) && $a_server[$id])
{
	$section->addInput(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));
}

$form->add($section);
print $form;
753 ac9d8bed Stephen Beaver
?>
754
<script>
755
//<![CDATA[
756
events.push(function(){
757 501efbd2 Stephen Beaver
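	/* Opens the LDAP container picker popup with the current connection settings. */
	function select_clicked() {
		/* All connection fields are required except the bind credentials, which
		 * only matter when anonymous bind is off. */
		var fields = {
			port: document.getElementById("ldap_port").value,
			host: document.getElementById("ldap_host").value,
			scope: document.getElementById("ldap_scope").value,
			basedn: document.getElementById("ldap_basedn").value,
			binddn: document.getElementById("ldap_binddn").value,
			bindpw: document.getElementById("ldap_bindpw").value,
			urltype: document.getElementById("ldap_urltype").value,
			proto: document.getElementById("ldap_protver").value,
			authcn: document.getElementById("ldapauthcontainers").value
		};

		if (fields.port == '' || fields.host == '' || fields.scope == '' ||
			fields.basedn == '' || fields.authcn == '') {
			alert("<?=gettext("Please fill the required values.");?>");
			return;
		}

		if (!document.getElementById("ldap_anon").checked) {
			if (fields.binddn == '' || fields.bindpw == '') {
				alert("<?=gettext("Please fill the bind username/password.");?>");
				return;
			}
		}

		<?php if (count($a_ca) > 0): ?>
			fields.cert = document.getElementById("ldap_caref").value;
		<?php else: ?>
			fields.cert = '';
		<?php endif; ?>

		/* Every value is percent-encoded. The original concatenated them raw, so
		 * a DN or password containing '&', '=', '+' or '#' would corrupt the
		 * query string (and could smuggle extra parameters).
		 * NOTE(review): the bind password still travels in the URL of this popup
		 * (GET), where it can end up in browser history and web-server logs; the
		 * picker page would have to accept POST to avoid that. */
		var url = 'system_usermanager_settings_ldapacpicker.php?';
		var parts = [];
		for (var key in fields) {
			parts.push(key + '=' + encodeURIComponent(fields[key]));
		}
		url += parts.join('&');

		var oWin = window.open(url, "pfSensePop", "width=620,height=400,top=150,left=150");
		if (oWin == null || typeof(oWin) == "undefined") {
			alert("<?=gettext('Popup blocker detected.	Action aborted.');?>");
		}
	}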
795 7b4b0ad3 Stephen Beaver
796 f3a43095 Stephen Beaver
	// Default the port from the selected transport: first entry (presumably the
	// plain-TCP transport) -> 389, anything else -> 636.
	function set_ldap_port() {
		var first_transport = ($('#ldap_urltype').find(":selected").index() == 0);
		$('#ldap_port').val(first_transport ? '389' : '636');
	}
802
803
	// Hides (hide == true) or shows every element carrying s_class; usually a whole section.
	function hideClass(s_class, hide) {
		$('.' + s_class).toggle(!hide);
	}
810 7b4b0ad3 Stephen Beaver
811 ac9d8bed Stephen Beaver
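	/* Copies the attribute names of the selected template into the three
	 * attribute inputs. Values are emitted through json_encode so a template
	 * string containing a quote or backslash cannot break out of the JS
	 * literal; $ldap_templates appears to come from auth.inc rather than the
	 * request, so this is defense in depth rather than a fix for live input. */
	function ldap_tmplchange() {
		switch ($('#ldap_tmpltype').find(":selected").index()) {
<?php
		$index = 0;
		foreach ($ldap_templates as $tmpldata):
?>
			case <?=$index;?>:
				$('#ldap_attr_user').val(<?=json_encode($tmpldata['attr_user']);?>);
				$('#ldap_attr_group').val(<?=json_encode($tmpldata['attr_group']);?>);
				$('#ldap_attr_member').val(<?=json_encode($tmpldata['attr_member']);?>);
				break;
<?php
			$index++;
		endforeach;
?>
		}
	}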
828 a0165602 Sjon Hortensius
829 eef93144 Jared Dillard
	// ---------- On initial page load ------------------------------------------------------------
830 782922c2 Stephen Beaver
831 c4302457 Stephen Beaver
<?php if ($act != 'edit') : ?>
	// The template selector is only rendered for new entries, so only seed the
	// attribute fields from it when not editing.
	ldap_tmplchange();
<?php endif; ?>

	hideClass('ldapanon', $('#ldap_anon').prop('checked'));
	$("#Select").prop('type','button');
	hideClass('extended', !$('#ldap_extended_enabled').prop('checked'));

	if($('#ldap_port').val() == "")
		set_ldap_port();

<?php
	if($act == 'edit') {
?>
		// NOTE(review): locking the type and making the name read-only here is
		// client-side only; the POST handler accepts whatever type/name is
		// submitted, so do not rely on these for integrity.
		$('#type option:not(:selected)').each(function(){
			$(this).attr('disabled', 'disabled');
		});

<?php
		if(!$input_errors) {
?>
		$('#name').prop("readonly", true);
<?php
		}
	}
?>
	// ---------- Click checkbox handlers ---------------------------------------------------------

	$('#ldap_tmpltype').on('change', function() {
		ldap_tmplchange();
	});

	$('#ldap_anon').click(function () {
		hideClass('ldapanon', this.checked);
	});

	$('#ldap_urltype').on('change', function() {
		set_ldap_port();
	});

	$('#Select').click(function () {
		select_clicked();
	});

	$('#ldap_extended_enabled').click(function () {
		hideClass('extended', !this.checked);
	});
878 504bd882 Stephen Beaver
879 ac9d8bed Stephen Beaver
});
880
//]]>
881
</script>
882
<?php
883 81ec3187 Chris Buechler
include("foot.inc");